Snort mailing list archives
Re: Snort 1.9 vs 2.0
From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 11 Oct 2002 13:29:31 -0700 (PDT)
On 11 Oct 2002, Florin Andrei wrote:
> Excellent! Kudos to everyone at Sourcefire!
Absolutely!! :)
> Now, remember my question at your talk a few months ago in Silicon Valley? ;-) Are we going to get reliable full SQL logging?
Ummm... Snort has that already. :)
> Including portscan data? That was my biggest problem with Snort 1.8 - some portscan-related information never made it to the database, but only to the text log.
Well.... Due to the way spp_portscan.c and spp_portscan2.c are written, you can't do this right now. It would require a full rewrite (or at least a lot of changes) to the code. Until that happens, you may not get all of your data from the scans into the DB that you want. :( Sorry....

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net